10 Things I know about… Security training


By Janelle Drolet

Director of Sales

Janelle Drolet leads the Towerwall Sales Team in providing clients key insight and expertise in sele

Read More

Our VP of Sales and Operations, Janelle Drolet shares her 10 Things I know about… Security training with Worcester Business Journal

10 Things I know about … Security Training
10 Things I know about … Security Training

10) Become security aware: Organizations face the enormous challenge of safeguarding data from complex cyber threats. Human error still accounts for 95% of security breaches, according to the World Economic Forum.

9) Employee accountability: Security lies in what employees know and are trained to know, the tools at their disposal, and how they respond to phishing attacks.

8) Build a human firewall: By regularly conducting simulated phishing exercises seven times a year, organizations can train their workforce, cultivating their intuition and muscle memory to combat threats.

7) Limit tech overreliance: A holistic approach considering people, processes, technology, and oversight is necessary for security enforcement.

6) Awareness vs. action: Fostering a culture of security-minded behavior requires motivation and participation. Develop a shared sense of responsibility.

5) Communication challenges: Communicate concerns to all department levels without jargon. Security professionals should stress the financial fallout from an attack.

4) Behavior science: Understanding motivations, discouragements, and responses to phishing tests can make training more effective in creating a strong security culture. Use the carrot, not the stick. Never humiliate when someone fails a phishing test but highlight the risk to the business.

3) Tailor training content: Tailor the training content to various groups or departments depending on their security maturity. Use fun incentives like gamification, gift cards, badges, team vs. team.

2) Buy-in from the top: Leaders should set an example by taking the training. Employees need to hear about the potential for business disruption and costly remediation of a cyberattack.

1) Integrate awareness with new tech: As new technologies like AI and blockchain are more prevalent, employees must be trained to manage their security aspects.


This article was originally posted on Worcester Business Journal >